public final class JwtTimestampValidator extends java.lang.Object implements OAuth2TokenValidator<Jwt>
OAuth2TokenValidator
for verifying claims in a Jwt-based access token
Because clocks can differ between the Jwt source, say the Authorization Server, and its destination, say the Resource Server, there is a default clock leeway exercised when deciding if the current time is within the Jwt's specified operating window
Jwt
,
OAuth2TokenValidator
,
JSON Web Token (JWT)Constructor and Description |
---|
JwtTimestampValidator()
A basic instance with no custom verification and the default max clock skew
|
JwtTimestampValidator(java.time.Duration clockSkew) |
Modifier and Type | Method and Description |
---|---|
void |
setClock(java.time.Clock clock)
'
Use this
Clock with Instant.now() for assessing
timestamp validity |
OAuth2TokenValidatorResult |
validate(Jwt jwt)
Verify the validity and/or constraints of the provided OAuth 2.0 Token.
|
public JwtTimestampValidator()
public JwtTimestampValidator(java.time.Duration clockSkew)
public OAuth2TokenValidatorResult validate(Jwt jwt)
validate
in interface OAuth2TokenValidator<Jwt>
jwt
- an OAuth 2.0 tokenpublic void setClock(java.time.Clock clock)
Clock
with Instant.now()
for assessing
timestamp validityclock
-